How I was able to find a PHP info page on a website
--
Introduction
Hello, everyone. Today I'd like to share the story of the first-ever bug I found on a website. It was not very complicated, because I was just a novice at the time. The bug I found was an information disclosure: a fully exposed phpinfo page.
Let's get started
My target was the VDP program, because I had found a lot of bugs but most of them were marked as duplicates. After that, I was sure of the one thing I needed to do:
- Try my best in the VDP program to get some reputation and finally be able to get into a private program, and do my best on that private program. Why, you ask? Because it will have less traffic, and my chances of finding non-duplicate bugs will increase.
After looking for VDP programs on HackerOne for 15 minutes, I picked a good one that had a wildcard domain in it. I started by finding all of its subdomains and took screenshots of all the domains. After that, I started checking all the screenshots to find an interesting interface. There were a lot of domains that had just a blank page, and some 403 Forbidden pages. I started hunting on the domains. The thing I tried to do was bypass the 403 Forbidden pages and be able to see some sensitive information, but I failed at doing so. After that, I collected all the domains that had empty pages and put them in empty.txt.
I ran dirsearch on empty.txt.
It took a lot of time. After a long time, when I checked what dirsearch had saved, I was going through all the 200 OK paths. Again, after a long time, I lost hope of finding an information disclosure on the domains, but I still kept going. There was a URL in the file: https://dll.anything.com/test.php
I was thinking it was some test demo page, nothing more than that, but I was surprised when I opened it: I was able to see the full phpinfo() page exposed. After that, I quickly made a report and submitted it, and it got resolved after 20 days. That is how I was able to find my first bug, and just like me, you should not give up.
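Why a leftover page like this counts as information disclosure, shown as an added example that is not part of the original post: a Python check that decides whether a saved response body from one of your own hosts is phpinfo() output and summarizes what it reveals. The sample HTML is constructed, and the watch lists (`LAYOUT`, `SECRET`) are assumptions of this example.

```python
import html
import re

# phpinfo() renders each setting as a table row with a name cell and a value cell.
ROW = re.compile(r'<td class="e">(.*?)</td>\s*<td class="v">(.*?)</td>', re.S)
VERSION = re.compile(r"<h1[^>]*>\s*PHP Version ([^<\s]+)")
# Settings that reveal filesystem layout and hardening state (list chosen for this example).
LAYOUT = ("System", "DOCUMENT_ROOT", "SCRIPT_FILENAME",
          "Loaded Configuration File", "disable_functions", "open_basedir")
SECRET = re.compile(r"PASS|SECRET|TOKEN|API_?KEY", re.I)

def _text(cell):
    """Drop inline tags such as <i>no value</i> and decode HTML entities."""
    return html.unescape(re.sub(r"<[^>]+>", "", cell)).strip()

def analyze(body):
    """Return None unless body looks like phpinfo() output; otherwise summarize the leak."""
    version = VERSION.search(body)
    rows = [(_text(k), _text(v)) for k, v in ROW.findall(body)]
    if not version or len(rows) < 3:
        return None  # a page that merely mentions "phpinfo" is not a finding
    layout = {k: v for k, v in rows if any(name in k for name in LAYOUT)}
    # Report secret-looking variables by name only, so the report does not re-leak them.
    secrets = sorted(k for k, _ in rows if SECRET.search(k))
    return {"php_version": version.group(1), "layout": layout, "secret_names": secrets}

# Constructed sample modeled on phpinfo() HTML output; every value is made up.
SAMPLE = """<html><head><title>PHP 8.1.2 - phpinfo()</title></head><body>
<h1 class="p">PHP Version 8.1.2</h1>
<table>
<tr><td class="e">System </td><td class="v">Linux web01 5.15.0 x86_64 </td></tr>
<tr><td class="e">Loaded Configuration File </td><td class="v">/etc/php/8.1/fpm/php.ini </td></tr>
<tr><td class="e">disable_functions</td><td class="v"><i>no value</i></td><td class="v"><i>no value</i></td></tr>
<tr><td class="e">$_SERVER['DOCUMENT_ROOT']</td><td class="v">/var/www/html</td></tr>
<tr><td class="e">$_ENV['DB_PASSWORD']</td><td class="v">example-not-a-real-secret</td></tr>
</table></body></html>"""
# Constructed page that only mentions the word; it must not be flagged.
BENIGN = "<html><body><h1>Test page</h1><p>remember to delete phpinfo later</p></body></html>"

if __name__ == "__main__":
    print(analyze(SAMPLE))
    print(analyze(BENIGN))
```

Any secret-looking variable the check names should be treated as exposed and rotated, in addition to removing the test file.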
And thank you for reading till now, and I am looking forward to sharing my knowledge and my story with you all.